Code-Bin #546

untitled PHP Code
Posted by: rhonda | March 12, 2010 @ 11:49pm

PHP Code

<?php
require("ipcheck.php");
require("./lib/killtags.lib.php");

/**********************************************************
 *******                                          *********
 ******* These lines are commented out as a test. *********
 ******* It is likely that they are not needed,   *********
 ******* and are a major contributor to the all   *********
 ******* of the chat's security vulnerabilites.   *********
 *******                                          *********
 **********************************************************/
 
// Get the names and values for vars sent by index.lib.php3
//if (isset($HTTP_GET_VARS))
//{
//	while(list($name,$value) = each($HTTP_GET_VARS))
//	{
//		$$name = killtags($value);
//	};
//};
//
// *********** END TEST ***********************************

// Get the names and values for post vars
if (isset($HTTP_POST_VARS))
{
	while(list($name,$value) = each($HTTP_POST_VARS))
	{
		$$name = killtags($value);
	};
};

require("./config/config.lib.php3");
require("./localization/english/localized.chat.php3");
require("./lib/release.lib.php3");
require("./lib/database/".C_DB_TYPE.".lib.php3");
require("./lib/clean.lib.php3");
require("sanitize.inc");

header("Content-Type: text/html; charset=${Charset}");

// avoid server configuration for magic quotes
set_magic_quotes_runtime(0);

$U = urldecode($U);
$R = urldecode($R);
$P = urldecode($P);

$R = str_replace("*", "", $R);
if ($T != 0 && $T != 1) $T = 1;

// Translate to html special characters, and entities if message was sent with a latin 1 charset
$Latin1 = ($Charset == "iso-8859-1");
function special_char($str,$lang)
{
	return addslashes($lang ? htmlentities(stripslashes($str)) : htmlspecialchars(stripslashes($str)));
};

$DbLink = new DB;

// ** Updates user info in connected users tables and fix some security issues **
// Fixed a security issue thanks to SeazoN
if (C_REQUIRE_REGISTER && (!isset($PWD_Hash) || $PWD_Hash == ''))
{
	header("Location: index.php?KICKED=5");
}
else if (isset($PWD_Hash) && $PWD_Hash != '')
{
	$DbLink->query(	'SELECT ' . C_USR_TBL . '.room, ' . C_USR_TBL . '.status, ' . C_USR_TBL . '.timeout, ' . C_USR_TBL. '.ip'
					. ' FROM ' . C_USR_TBL . ', ' . C_REG_TBL
					. ' WHERE ' . C_USR_TBL . '.username = \'' . addslashes($U) . '\''
					.   ' AND ' . C_REG_TBL . '.username = \'' . addslashes($U) . '\''
					.   ' AND ' . C_REG_TBL . '.password = \'' . addslashes($PWD_Hash) . '\''
					. ' LIMIT 1');
}
else // C_REQUIRE_REGISTER == 0 && $PWD_Hash is empty
{
	$DbLink->query('SELECT username FROM ' . C_REG_TBL . ' WHERE username = \'' . addslashes($U) . '\' LIMIT 1');
	if ($DbLink->num_rows() == 0)
	{
		$DbLink->query('SELECT room, status, timeout, ip FROM ' . C_USR_TBL . ' WHERE username = \'' . addslashes($U) . '\' LIMIT 1');
	}
	else
	{
		$DbLink->clean_results();
		$DbLink->close();
//		exit(); // hack attack
		header("Location: index.php?KICKED=5");
	}
}
// End of SeazoN Fix

// ** Updates user info in connected users tables **
//$DbLink->query("SELECT room,status,timeout FROM ".C_USR_TBL." WHERE username = '" . addslashes($U) . "' LIMIT 1");
if ($DbLink->num_rows() != 0)
{
	list($room,$status,$timeout) = $DbLink->next_record();
	//$DbLink->clean_results();
	$kicked = 0;

if (in_array($R, $LimitUsersIn))
	{
		// Count the number of users currently in the room the user wants to enter
		$DbLink->query("SELECT * FROM " . C_USR_TBL . " WHERE room = '" . addslashes($R) . "' AND status != 'g' AND status != 'a' AND status != 'o'");
		$MinReached = $DbLink->num_rows();

// If the user count is equal to the min number of users, engage the autokick.
		if ($MinReached >= AUTOKICK_MIN_USRS)
		{
			if ($status != "o" && $status != "a" && $status != "g")
			{
				if ($timeout < time())
				{
					$status = "t";
				}
			}
		}
	}

if ( isset($R) && ($room != stripslashes($R)))	// Same nick in another room
	{
		// Add an exit notification if room is not in $NoNotifyRooms array
		if (!in_array($R, $NoNotifyRooms))
		{
			$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '" . addslashes($R) . "', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")','','" . addslashes($P) . "','" . $_SERVER['REMOTE_ADDR'] . "')");
		};

unset($P);
		$kicked = 3;
	}
	elseif ($status == "k")		// Kicked by a moderator or the admin.
	{
		$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '" . addslashes($R) . "', 'SYS exit', '', ".time().", '', 'sprintf(L_KICKED, \"".special_char($U,$Latin1)."\")','','" . addslashes($P) . "','" . $_SERVER['REMOTE_ADDR'] . "')");
		unset($P);
		$kicked = 1;
	}
	elseif ($status == "d")			// The admin just deleted the room
	{
		unset($P);
		$kicked = 2;
	}
	elseif ($status == "b")			// Banished by a moderator or the admin.
	{
		$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '" . addslashes($R) . "', 'SYS exit', '', ".time().", '', 'sprintf(L_BANISHED, \"".special_char($U,$Latin1)."\")','','" . addslashes($P) . "','" . $_SERVER['REMOTE_ADDR'] . "')");
		unset($P);
		$kicked = 4;
	}
	elseif ($status == "t")			// User timed out due to no activity.
	{
		$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '" . addslashes($R) . "', 'SYS exit', '', ".time().", '', 'sprintf(L_TIMEOUT, \"".special_char($U,$Latin1,1)."\")','','" . addslashes($P) . "','" . $_SERVER['REMOTE_ADDR'] . "')");
		unset($P);
		$kicked = 5;
	};
/* Rhonda ban fix 1/24/10 */
	if ($kicked > 0)
	{
		// Kick the user from the current room
		
		// see rhonda.functions.php
		destroyUser();
		
		?>
		<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
		
		</SCRIPT>
		<?php
		$DbLink->close();
		exit;
	}
/* End Rhonda ban fix */
}
else
{
	exit();
}

// ** Send formated messages to the message table **
function AddMessage($M, $T, $R, $U, $C, $Private, $P="")
{
	global $DbLink;
	global $Latin1;
	global $status;

// Text formating tags

//USELESS FUCKING REGEX. GRRRRR - RHONDA

// keep U, B and I tags
		$M = str_replace("<", "<", $M);
		$M = str_replace(">", ">", $M);

if(function_exists("preg_match"))
		{
			while(preg_match("/<([ubi]?)>(.*?)<(\/\\1)>/i",$M))
			{
				$M = preg_replace("/<([ubi]?)>(.*?)<(\/\\1)>/i","<\\1>\\2<\\3>",$M);
			}
	
		}

// e-mail addresses
	$M = eregi_replace('([0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](fo|g|l|m|mes|o|op|pa|ro|seum|t|u|v|z)?)', '<a href="mailto:\\1">\\1</a>', $M);

// Fix for Broken Tags in URLs
	// Counts occurrences of simple HTML tags (). Then counts occurrences of closing tags.
	// If the number of opening tags does not match the number of closing tags, the missing closing
	// tags are added automatically. Since this problem only occurs when entering URL links, the
	// </a> tag is also added, even though it's not absolutely needed.
	// Written without using RegExps for simplicity.
	$b_lower_count = substr_count($M, '');
	$b_upper_count = substr_count($M, '');

$u_lower_count = substr_count($M, '');
	$u_upper_count = substr_count($M, '');

$i_lower_count = substr_count($M, '');
	$i_upper_count = substr_count($M, '');

$b_lower_close_count = substr_count($M, '');
	$b_upper_close_count = substr_count($M, '');

$u_lower_close_count = substr_count($M, '');
	$u_upper_close_count = substr_count($M, '');

$i_lower_close_count = substr_count($M, '');
	$i_upper_close_count = substr_count($M, '');

If ($b_lower_count != $b_lower_close_count) $M = $M . "</a>";
	If ($u_lower_count != $u_lower_close_count) $M = $M . "</a>";
	If ($i_lower_count != $i_lower_close_count) $M = $M . "</a>";

If ($b_upper_count != $b_upper_close_count) $M = $M . "</a>";
	If ($u_upper_count != $u_upper_close_count) $M = $M . "</a>";
	If ($i_upper_count != $i_upper_close_count) $M = $M . "</a>";
	//
	// End Fix
	
	// Rhonda's fix for HTML tags [3/12/10]	
	// Allow font [and 'color'] tag to be used
	$M = strip_tags($M, '');
	
	// End Rhonda's fix

// Smilies
	if (C_USE_SMILIES == 1)
	{
		include("./lib/smilies.lib.php3");
		Check4Smilies($M,$SmiliesTbl);
		unset($SmiliesTbl);
	};

// transform ISO-8859-1 special characters
	if ($Latin1)
	{
		global $MsgTo;
		ereg("(.*)(".$MsgTo."(>)?)(.*)",$M,$Regs);
		if ($MsgTo != "" && ($Regs[1] == "" && $Regs[4] == "")) $Regs[4] = $M;
		if (!ereg("&[[:alnum:]]{1,10};",$Regs[1]) && !ereg("&[[:alnum:]]{1,10};",$Regs[4]))
		{
			for ($i = 1; $i <= 4; $i++)
			{
				if (($i != 1 && $i != 4) || $Regs[$i] == "") continue;
				$part = $Regs[$i];
				$part = htmlentities($part);
				$part = str_replace("<", "<", $part);
				$part = str_replace(">", ">", $part);
				$part = str_replace("&lt;", "<", $part);
				$part = str_replace("&gt;", ">", $part);
				$part = str_replace(""","\"", $part);
				$part = ereg_replace("&(#[[:digit:]]{2,5};)", "&\\1", $part);
				$Regs[$i] = $part;
			}
			$M = $Regs[1].$Regs[2].$Regs[4];
		}
	}

if (isset($C) and $C != "")
	{
		// Red colors are reserved to the admin or a moderator for the current room
		if ((ereg('#(FF0000|fc403f|fc4b34|fa582a|f66421|f27119|ec7e11|ec117f|f21971|f62164|fa2a58|fc344b)', $C))
			&& !($status == "a" || $status == "m" || $status == "g" || $status == "o")) // MODIFIED FOR GLOBAL MOD
			$C = "#00FF00";
		$M = " ".$M." ";
	};

// Get user's current alias
	$DbLink->clean_results();
	$DbLink->query("SELECT alias FROM ".C_USR_TBL." WHERE username='" . addslashes($U) . "' LIMIT 1");
	$found = ($DbLink->num_rows() != 0);
	if ($found) {
	    list($A) = $DbLink->next_record();
	} else {
	    $A = "";
	}
	//$DbLink->clean_results();

$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '" . addslashes($R) . "', '".addslashes($U)."', '$Latin1', ".time().", '$Private', '".addslashes($M)."','" . addslashes($A) . "','" . addslashes($P) . "','" . $_SERVER['REMOTE_ADDR'] . "')");

// Update the user's "timeout" value
	$DbLink->query("UPDATE " . C_USR_TBL . " SET timeout = " . (time() + (C_USR_TIMEOUT*60)) . " WHERE username = '" . addslashes($U) . "'");

// Experimental
	$namearray = array('karma');
	if (in_array(strtolower($U), $namearray) || in_array(strtolower($Private), $namearray) || in_array(strtolower($A), $namearray))
	{
		// Log activity
		$LogFile = "/home/roleplay/cosmos-rp.com/administrative/panel/commlogs/export.php";

$FileStream = fopen($LogFile, "a");
		if (!$FileStream)
		{
			echo("Could not open the log file.  Contact the SysOp.");
			exit;
		}

$ToWrite = "\n" . $T . "\n" . $R . "\n" . $U. "\n" . $_SERVER["REMOTE_ADDR"] . "\n" . date("H:i:s", time()) . "\n" . $Private . "\n" . $M . "\n" . $A . $P;
		$ToWrite .= "\n\n";

fwrite($FileStream, $ToWrite);
		fclose($FileStream);
	};
	// End Experimental

// Record Moderated rooms to their own table.
	if( $R == "MainStage" )
	{
		$DbLink->query("INSERT INTO c_messages_mainstage VALUES ($T, '" . addslashes($R) . "', '".addslashes($U)."', '$Latin1', ".time().", '$Private', '".addslashes($M)."','" . addslashes($A) . "','" . addslashes($P) . "')");
	};
	if( $R == "StageLeft" )
	{
		$DbLink->query("INSERT INTO c_messages_stageleft VALUES ($T, '" . addslashes($R) . "', '".addslashes($U)."', '$Latin1', ".time().", '$Private', '".addslashes($M)."','" . addslashes($A) . "','" . addslashes($P) . "')");
	};
}

// ** Define the default color that will be used for messages **
if (isset($HTTP_COOKIE_VARS["CookieColor".$U])) $CookieColor = $HTTP_COOKIE_VARS["CookieColor".$U];
if (isset($CookieColor) && $CookieColor != "") $C = $CookieColor; // ADDED FOR COLOR SAVE ACROSS ROOMS AND LOGOUT
if(!isset($C))
{
	if(!isset($CookieColor))
	{
		// set default color to white
		$C = "#efeeee";
	}
	elseif (ereg('#(FF0000|fc403f|fc4b34|fa582a|f66421|f27119|ec7e11|ec117f|f21971|f62164|fa2a58|fc344b)', $CookieColor))
	{
		// Red colors are reserved to the admin or a moderator for the current room
		if (!(isset($status) && ($status == "a" || $status == "m"))) $C = "#efeeee";
	}

if (!isset($C))
	{
		$C = $CookieColor;
	}
}
setcookie("CookieColor".$U, $C, time() + 60*60*24*365);        // cookie expires in one year

// ** Test for online commands and swear words **
$IsCommand = false;
$RefreshMessages = false;
$IsPopup = false;
$IsM = false;
if (isset($M) && trim($M) != "" && ereg("^(\/|\:)", $M)) include("./lib/commands.lib.php3");
if (isset($M) && ereg("^(\/|\:)", $M) && !($IsCommand) && !isset($Error)) $Error = L_BAD_CMD;
if (isset($M) && trim($M) != "" && (!isset($M0) || ($M != $M0)) && !($IsCommand || isset($Error)))
{

/***********************************
// If moderated room - don't allow
global $DefaultModRooms;
global $DbLink;
$isModerated = false;
for ($i = 0; $i < count($DefaultModRooms); $i++)
{
	if( $R == $DefaultModRooms[$i] )
	{
		$isModerated = true;
		break;
	};
};
if( $isModerated )
{
	// Verify that this is not a moderator or admin
	$DbLink->query("SELECT perms,rooms FROM ".C_REG_TBL." WHERE username='" . addslashes($U) . "' LIMIT 1");
	$reguser = ($DbLink->num_rows() != 0);
	if ($reguser) list($perms,$rooms) = $DbLink->next_record();
	//$DbLink->clean_results();
	// Get user status
	if ($reguser)
	{
		switch ($perms)
		{
			case 'admin':
				$isModerated = false;
				break;
			// ADDED FOR GLOBAL MOD
			case 'globalmod':
				$isModerated = false;
				break;
			// END GLOBAL MOD ADD
			case 'sysop':
				$isModerated = false;
				break;
			case 'moderator':
				$roomsTab = explode(",",$rooms);
				for (reset($roomsTab); $room_name=current($roomsTab); next($roomsTab))
				{
					if (strcasecmp(stripslashes($R), $room_name) == 0) 
					{
						$isModerated = false;
						break;
					};
				};
		};
	};
}
if( $isModerated )
{
	$Error = L_ERR_USR_22;
} else 
{
*******************************/
// Normal Talk
// Bob Dickow Custom code for /away command modification:
 if (C_NO_SWEAR == 1 || in_array($R, $FilteredRooms))
 {
 include("./lib/swearing.lib.php3");
 $M = checkwords($M, false);
 }

// Check for all caps
	if (in_array($R, $NoCapRooms))
	{
		include("./lib/captest.lib.php");
		$M = checkCaps($M);
	};

$DbLink->query("SELECT awaystat FROM ".C_USR_TBL." WHERE username='" . addslashes($U) . "'");

if ($DbLink->num_rows() != 0)
   {
     list($awaystat) = $DbLink->next_record();
   }
   //$DbLink->clean_results();

if ($awaystat == '1') {
 $Msg = sprintf(L_BACK . C_UPDTUSRS, special_char($U,$Latin1));
 $Msg = " $Msg"; 
 $awaystat = '0';
	$C = sanitize($C);
 AddMessage(stripslashes($M), $T, $R, $U, $C, "",$P);
 $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '" . addslashes($R) . "', '".addslashes($U)."', '$Latin1', ".time().", '$Private', '".addslashes($Msg)."', '" . addslashes($A) . "','" . addslashes($P) . "','" . $_SERVER['REMOTE_ADDR'] . "')");
 $DbLink->query("UPDATE ".C_USR_TBL." SET awaystat='0' WHERE username='" . addslashes($U) . "'");
 } else {
 AddMessage(stripslashes($M), $T, $R, $U, $C, "",$P);
 }
 $RefreshMessages = true; 
// END Bob Dickow custom code for /away command modification.
/****
} // moderation
****/

}

$DbLink->close();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML dir="<?php echo(($Charset == "windows-1256") ? "RTL" : "LTR"); ?>">

<HEAD>
<TITLE>Hidden Input frame</TITLE>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript1.2">
<!--
if (typeof(window.parent.frames['input']) != 'undefined'
	&& typeof(window.parent.frames['input'].window.document.forms['MsgForm']) != 'undefined'
	&& window.parent.frames['input'].window.document.forms['MsgForm'].elements['sent'] != '0')
{

/* Udate the Form at the 'input' frame */
	with (window.parent.frames['input'].window.document.forms['MsgForm'])
	{
		elements['D'].value = "<?php echo($D); ?>";
		elements['N'].value = "<?php echo($N); ?>";
		elements['O'].value = "<?php echo($O); ?>";
		elements['ST'].value = "<?php echo($ST); ?>";
		elements['NT'].value = "<?php echo($NT); ?>";
		elements['Ign'].value = "<?php echo(isset($Ign) ? htmlspecialchars(stripslashes($Ign)) : ""); ?>";
		elements['M0'].value = "<?php echo(isset($M) ? htmlspecialchars(stripslashes($M)) : ""); ?>";

// Get the value to put in the message box : previous M0 field value for /! command,
		// previous entry if it was an erroneous command, else nothing; 
		<?php
		$ValM = $IsM ? $M0 : "";
		if (isset($Error) && !($IsCommand)) $ValM = $M;
		?>
		elements['M'].value = "<?php echo(htmlspecialchars(stripslashes($ValM))); ?>";
			
		elements['MsgTo'].value = "";
		elements['C'].value = "<?php echo($C); ?>";
		elements['P'].value = "<?php echo($P); ?>";
		elements['sent'].value = "0";

if (document.all) elements['sendForm'].disabled = false;
	};

<?php
	if ($RefreshMessages)
	{
		$Tmp = (isset($Ign) && $Ign != "") ? "&Ign=".urlencode(stripslashes($Ign)) : "";
		$First = isset($First) ? $First : 0;
		?>
		/* Refresh the message frame or append messages to it */
		<?php
		if ($First) echo("window.parent.frames['messages'].window.document.close();\n\twindow.parent.connect = 0;\n");
		?>
		if (window.parent.connect == 0)
		{
			window.parent.refresh_query = "<?php echo("From=".urlencode($From)."&L=$L&U=".urlencode(stripslashes($U))."&P=".urlencode(stripslashes($P))."&R=".urlencode(stripslashes($R))."&T=$T&D=$D&N=$N&ST=$ST&NT=$NT".$Tmp."&First=$First"); ?>";
			window.parent.force_refresh();
		};
		<?php
	};

if(isset($Error))
	{
		?>
		/* Display a JavaScript alert box with the error message */
		window.parent.frames['input'].window.document.forms['MsgForm'].elements['M'].select();
		alert("<?php echo(str_replace("\\\\n","\\n",addslashes($Error))); ?>");
		<?php
	};
	?>

<?php
	$posted_var_list = "From=$From&Ver=$Ver&L=$L&U=$U&P=$P&R=$R&T=$T&D=$D&N=$N&O=$O&ST=$ST&NT=$NT";
	if (isset($PWD_Hash) && $PWD_Hash != "") $posted_var_list .= "&PWD_Hash=$PWD_Hash";
	$posted_var_list .= "&dummy=".uniqid("");	// Force reload from the server (not from the cache)

if (isset($status) && ($status == "m" || $status == "g" || $status == "o"))	// MODIFIED FOR GLOBAL MOD
	{
		?>
		/* Add the red color when the user has been promoted to moderator */
		if (!window.parent.isModerator)
		{
			window.parent.frames['input'].window.location.replace("input.php3?<?php echo($posted_var_list); ?>");
			window.parent.isModerator = 1;
		}
		<?php
	}
	elseif (!isset($status) || ($status != "a" && $status != "g" && $status != "o"))	// MODIFIED FOR GLOBAL MOD
	{
		?>
		/* Remove the red color when the user has became a 'simple user */
		if (window.parent.isModerator)
		{
			window.parent.frames['input'].window.location.replace("input.php3?<?php echo($posted_var_list); ?>");
			window.parent.isModerator = 0;
		}
		<?php
	};
	?>
};
// -->
</SCRIPT>
</HEAD>

</HTML>

Syntax Highlighting

[Open in new window]

Author Comments

none

Rating

4.38 / 8
65 Votes